Email on port 465 generates error in outlook

ISPs including Verizon are filtering port 25 traffic which forces customers to start using 465 to send email

When they configure Outlook to send using port 465 they get a warning from outlook that says the "server you are connected to is using a cert than cannot be verified - the target principle name is incorrect "

Im using self signed cert on the server - I know that I can pay $180 a year and get a real cert BUT, will that solve this problem for ALL domains and is there another way that DOESNT require spending the $$

ISPs including Verizon are filtering port 25 traffic which forces customers to start using 465 to send email

When they configure Outlook to send using port 465 they get a warning from outlook that says the "server you are connected to is using a cert than cannot be verified - the target principle name is incorrect "

Im using self signed cert on the server - I know that I can pay $180 a year and get a real cert BUT, will that solve this problem for ALL domains and is there another way that DOESNT require spending the $$

Thanks in advance

Doug

Click to expand...

No it won't solve the problem for all domains. It'll solve the problem for the main hostname. So you'd have to then instruct all your people to connect to the main hostname.

What your customers are seeing is not an "error" - Just tell your customers if they wnat SSl encryption they need to accept the self-signed certificate and move on. I've never had a customer complain abou thte self signed certs on the SSL mail ports. Let your customers know that they can pay you for a standalone server+software if they want goofy signed certificates on thier own mail hostname.

No it won't solve the problem for all domains. It'll solve the problem for the main hostname. So you'd have to then instruct all your people to connect to the main hostname.

What your customers are seeing is not an "error" - Just tell your customers if they wnat SSl encryption they need to accept the self-signed certificate and move on. I've never had a customer complain abou thte self signed certs on the SSL mail ports. Let your customers know that they can pay you for a standalone server+software if they want goofy signed certificates on thier own mail hostname.

Mike

Click to expand...

the problem is that the popup shows up Every time Outlook tries to send an email and the customers who have verizon as an ISP have no choice unless they configure Outlook to send through Verizons outgoing servers

having people use the fqn isnt a problem if it removes the error ... I just dont thiink its worth $175 a year

PartnerNOC

An SSL for the host name of the server can be as little as $40 or so and then just informing users to use server.host.tld (the actual server host name) for the SMTP server is all it takes to avoid warnings.

Alternatively you can have Exim listen on another port from the "service manager" in WHM by specifying an alternative non-tls port such as 26, 587, etc like many hosts do these days as a lot of ISP's block port 25.

the problem is that the popup shows up Every time Outlook tries to send an email...

Click to expand...

Sadly, brain dead Outlook and the Outlook Express do not have a way to say "always trust this certificate" unless one imports the certificate to the Trusted Root Certification Authorities store (what were they thinking?) but then you are giving the certificate issuer god like powers as far as certification is concerned. The entire scheme is a sham to fill the pockets of certification authorities.

any links to the $40 certs?

Click to expand...

You need to watch where you are getting the certificate from, because if it is not one of the, or sub of, predefined authorities in Windows then they will be getting the exact same message until that certificate is imported into the store which you could have done at the first place!
I have the same complain from the users. I tell them they have to live with it and to just to accept it every time they send/receive. Just one extra click after all.